Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Removed Hoax.renos and backdoor trojans - anything left ?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Removed Hoax.renos and backdoor trojans - anything left ?

Unread postby charlieb64 » September 14th, 2009, 6:47 pm

Hi I removed the malware above but computer still deems to be running slow. Can you tell me if I still have problems.
Appreciate any help you can give me.

Thanks

Charlie
Here is the log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:51 PM, on 9/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2962625656
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 3708 bytes
charlieb64
Active Member
 
Posts: 5
Joined: September 14th, 2009, 6:41 pm
Advertisement
Register to Remove

Re: Removed Hoax.renos and backdoor trojans - anything left ?

Unread postby MWR 3 day Mod » September 18th, 2009, 12:17 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Removed Hoax.renos and backdoor trojans - anything left ?

Unread postby muppy03 » September 18th, 2009, 11:06 pm

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

Open Hijack This and select Do a System Scan Only place a check next to the below lines if still present

    O20 - AppInit_DLLs: cru629.dat

Once selected close all windows except HJT an click on Fix Checked


Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please reply with:-
  • Uninstall list
  • RSIT logs ( info.txt and log.txt)
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4788
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Removed Hoax.renos and backdoor trojans - anything left ?

Unread postby charlieb64 » September 19th, 2009, 11:02 am

Hi
Thanks for the response - this computer is at my office - I will send the logs on Monday
charlieb64
Active Member
 
Posts: 5
Joined: September 14th, 2009, 6:41 pm

Re: Removed Hoax.renos and backdoor trojans - anything left ?

Unread postby muppy03 » September 19th, 2009, 6:53 pm

Ah,is it a work/business computer then?
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4788
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Removed Hoax.renos and backdoor trojans - anything left ?

Unread postby charlieb64 » September 19th, 2009, 7:48 pm

It was given to me when we upgraded - I thought I would try to fix it before I brought it home.
charlieb64
Active Member
 
Posts: 5
Joined: September 14th, 2009, 6:41 pm

Re: Removed Hoax.renos and backdoor trojans - anything left ?

Unread postby charlieb64 » September 21st, 2009, 5:29 pm

Thanks for the response and taking time to help.
Here are the logs you requested:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Cliff Leduc at 2009-09-21 14:24:37
Microsoft Windows XP Professional Service Pack 2
System drive C: has 31 GB (82%) free of 38 GB
Total RAM: 510 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:49 PM, on 9/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Cliff Leduc\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Cliff Leduc.exe

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2962625656
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 3278 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1090816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-01 2007832]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]
C:\WINDOWS\system32\braviax.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-01 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Canon\Color Network ScanGear\SgTool.exe"="C:\Program Files\Canon\Color Network ScanGear\SgTool.exe:*:Enabled:SGTOOL"
"C:\Program Files\Microsoft Office\Office12\MSTORE.EXE"="C:\Program Files\Microsoft Office\Office12\MSTORE.EXE:*:Enabled:MSTORE"
"C:\Program Files\activePDF\PrimoPDF\PrimoPDF.exe"="C:\Program Files\activePDF\PrimoPDF\PrimoPDF.exe:*:Enabled:PrimoPDF"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e56856a-045b-11de-a609-000d561f75be}]
shell\AutoRun\command - E:\ukgki.cmd
shell\explore\command - E:\ukgki.cmd
shell\open\command - E:\ukgki.cmd


======List of files/folders created in the last 1 months======

2009-09-21 14:24:37 ----D---- C:\rsit
2009-09-19 03:02:24 ----D---- C:\WINDOWS\system32\KB905474
2009-09-19 03:01:23 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-09-19 03:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2009-09-19 03:00:14 ----D---- C:\WINDOWS\LastGood
2009-09-18 10:40:16 ----D---- C:\Program Files\Panasonic
2009-09-18 10:40:16 ----A---- C:\WINDOWS\system32\SDDEVMGR.dll
2009-09-18 03:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-09-18 03:10:10 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-09-18 03:10:01 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-09-18 03:09:52 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-09-18 03:09:42 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-09-18 03:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2009-09-18 03:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-09-18 03:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-09-18 03:09:01 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-09-18 03:08:51 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-09-18 03:08:42 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-09-18 03:08:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-09-18 03:08:24 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-09-18 03:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-09-18 03:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-09-18 03:07:58 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-09-18 03:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-09-18 03:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-09-18 03:07:32 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-09-18 03:07:23 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-09-18 03:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-09-18 03:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2009-09-18 03:06:58 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2009-09-18 03:06:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-09-18 03:06:43 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-09-18 03:06:35 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-09-18 03:06:09 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-09-18 03:06:00 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2009-09-18 03:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-09-18 03:05:42 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-09-18 03:05:35 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-09-18 03:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2009-09-18 03:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-09-18 03:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-09-18 03:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-09-18 03:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-09-18 03:04:35 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-09-18 03:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-09-18 03:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-09-18 03:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-09-18 03:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2009-09-18 03:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-09-18 03:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-09-18 03:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-09-18 03:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-09-18 03:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-09-18 03:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-09-18 03:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2009-09-18 03:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2009-09-18 03:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-09-18 03:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-09-18 03:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-09-18 03:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-09-18 03:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-09-18 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-09-18 03:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-09-18 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-09-18 03:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-09-18 03:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2009-09-18 03:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-09-18 03:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-09-18 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-09-18 03:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-09-18 03:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-09-17 11:31:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-09-17 11:30:31 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-09-16 16:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-09-16 16:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-16 16:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-16 16:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-09-16 16:09:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-16 16:09:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-16 16:09:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-09-16 16:08:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-16 16:03:01 ----D---- C:\WINDOWS\system32\XPSViewer
2009-09-16 16:02:57 ----D---- C:\Program Files\MSBuild
2009-09-16 16:02:48 ----D---- C:\Program Files\Reference Assemblies
2009-09-16 16:02:19 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-09-16 16:02:19 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-09-16 16:02:19 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-09-16 16:02:18 ----D---- C:\3b3e1e1becf8866078a369e9
2009-09-16 15:58:41 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-09-16 15:58:36 ----D---- C:\Program Files\MSXML 6.0
2009-09-16 15:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-09-16 15:56:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-16 15:56:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-16 15:56:39 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-16 15:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-16 15:56:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-16 15:43:11 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-16 15:38:59 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-09-16 15:38:57 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-09-15 06:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-09-15 06:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-15 06:09:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-15 06:09:00 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-09-15 06:08:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-09-15 06:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-15 06:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-09-15 06:07:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-09-15 06:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-15 06:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-15 06:07:06 ----D---- C:\WINDOWS\ServicePackFiles
2009-09-15 06:07:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-09-15 06:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-09-15 06:06:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-15 06:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-15 06:06:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-09-15 06:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-09-15 06:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-14 16:09:57 ----D---- C:\WINDOWS\BDOSCAN8
2009-09-14 14:13:10 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-09-14 13:22:14 ----D---- C:\Documents and Settings\Cliff Leduc\Application Data\Malwarebytes
2009-09-14 12:26:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-14 12:22:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-14 10:35:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-14 10:35:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-11 14:32:27 ----A---- C:\WINDOWS\osade.exe
2009-09-11 14:32:27 ----A---- C:\WINDOWS\mofipal.com
2009-09-11 14:32:27 ----A---- C:\Documents and Settings\Cliff Leduc\Application Data\wyzi.bat
2009-09-11 14:23:40 ----SHD---- C:\WINDOWS\CSC
2009-09-11 12:57:11 ----D---- C:\Program Files\Trend Micro
2009-09-08 13:58:19 ----D---- C:\Documents and Settings\Cliff Leduc\Application Data\MSNInstaller

======List of files/folders modified in the last 1 months======

2009-09-21 14:05:39 ----D---- C:\WINDOWS\Prefetch
2009-09-21 12:55:59 ----D---- C:\WINDOWS\Temp
2009-09-19 12:47:58 ----HD---- C:\$AVG8.VAULT$
2009-09-19 12:47:58 ----D---- C:\WINDOWS\system32
2009-09-19 03:03:27 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-19 03:02:25 ----SD---- C:\WINDOWS\Tasks
2009-09-19 03:02:13 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-19 03:01:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-19 03:01:32 ----HD---- C:\WINDOWS\inf
2009-09-19 03:01:31 ----D---- C:\WINDOWS
2009-09-19 03:01:13 ----D---- C:\Program Files\Windows Media Player
2009-09-19 03:00:33 ----SHD---- C:\WINDOWS\Installer
2009-09-18 10:40:16 ----RD---- C:\Program Files
2009-09-18 10:40:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-18 10:39:56 ----D---- C:\Program Files\Internet Explorer
2009-09-18 10:39:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-18 09:50:35 ----D---- C:\WINDOWS\Debug
2009-09-18 03:18:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-18 03:16:11 ----D---- C:\WINDOWS\msagent
2009-09-18 03:15:40 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-09-18 03:09:03 ----D---- C:\WINDOWS\system32\drivers
2009-09-18 03:08:00 ----D---- C:\WINDOWS\WinSxS
2009-09-18 03:07:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-18 03:07:00 ----D---- C:\Program Files\Messenger
2009-09-18 03:05:53 ----D---- C:\Program Files\Outlook Express
2009-09-18 03:05:53 ----D---- C:\Program Files\Common Files\System
2009-09-18 03:05:26 ----D---- C:\WINDOWS\system32\Com
2009-09-17 11:36:02 ----D---- C:\Program Files\Online Services
2009-09-16 16:53:37 ----RSD---- C:\WINDOWS\assembly
2009-09-16 16:30:29 ----D---- C:\WINDOWS\system32\wbem
2009-09-16 16:02:55 ----D---- C:\WINDOWS\system32\en-US
2009-09-16 16:02:53 ----RSD---- C:\WINDOWS\Fonts
2009-09-16 16:00:06 ----D---- C:\WINDOWS\system32\mui
2009-09-16 15:56:22 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-09-16 15:34:12 ----D---- C:\Program Files\Windows Desktop Search
2009-09-16 15:34:11 ----D---- C:\WINDOWS\system32\Setup
2009-09-16 15:34:11 ----D---- C:\WINDOWS\AppPatch
2009-09-14 16:10:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-14 14:58:20 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-09-14 14:10:34 ----D---- C:\WINDOWS\SoftwareDistribution
2009-09-13 12:31:25 ----D---- C:\WINDOWS\Drivers
2009-09-11 14:32:26 ----D---- C:\Program Files\Common Files
2009-09-08 13:58:20 ----D---- C:\Program Files\MSN
2009-09-08 13:57:02 ----D---- C:\WINDOWS\twain_32
2009-09-01 09:32:21 ----A---- C:\WINDOWS\system32\avgrsstx.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-01 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-01 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-23 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2002-11-12 99840]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-02-28 545024]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-01 297752]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-09-21 14:24:51

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Color Network ScanGear Ver.2.43-->MsiExec.exe /X{FFDC1DCA-4D85-4835-8313-B656319F046F}
Command WorkStation 4 .1.0.52-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{60A73620-3618-11D2-AD1A-006008A6ABE2}\setup.exe" remove
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
Japanese Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-900000000003}
Java 2 Runtime Environment, SE v1.4.1_02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
SDFormatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A347920-4AFC-11D5-9FB0-800649886934}\setup.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Outlook 2007 Junk Email Filter (kb973514)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {03B11C77-336F-43B4-9B43-79890BA84504}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O20 - AppInit_DLLs: cru629.dat [2009-09-14]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: ADMIN2
Event Code: 3019
Message: The redirector failed to determine the connection type.

Record Number: 1946
Source Name: MRxSmb
Time Written: 20090703123727.000000-420
Event Type: warning
User:

Computer Name: ADMIN2
Event Code: 3019
Message: The redirector failed to determine the connection type.

Record Number: 1945
Source Name: MRxSmb
Time Written: 20090703123725.000000-420
Event Type: warning
User:

Computer Name: ADMIN2
Event Code: 3019
Message: The redirector failed to determine the connection type.

Record Number: 1944
Source Name: MRxSmb
Time Written: 20090703123723.000000-420
Event Type: warning
User:

Computer Name: ADMIN2
Event Code: 3019
Message: The redirector failed to determine the connection type.

Record Number: 1943
Source Name: MRxSmb
Time Written: 20090703123720.000000-420
Event Type: warning
User:

Computer Name: ADMIN2
Event Code: 20
Message: Printer Driver Canon iR2200-3300 PCL6 for Windows NT x86 Version-3 was added or updated. Files:- Cnp60M_DFFA7.DLL, Cnp60MUI_DFFA7.DLL, IR2200XU.XPD, Cnp60U_DFFA7.CHM, IR2200XU.UPD, CnP6FFA7.DAT, Cnp60409_DFFA7.DLL, cnxp0log.DLL, AUSSDRV.DLL, CnxD0230.dat, CnxDias2.DLL, CNLK.PRF, CPC10S.DLL, CPC10D.EXE, CPC10Q.EXE, CPC10E.DLL, CPC10V.EXE, CPC1US.DLL, CPC1US.CHM, cnxpcf32.DLL, cnxpcp32.DLL, CnPXCM32.DLL, UCS32P.DLL, cnxptn32.DLL, iR2200XU_D417B.upd.

Record Number: 1942
Source Name: Print
Time Written: 20090703122839.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\PROGRA~1\COMMON~1\EFI;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


StartupList report, 9/21/2009, 2:12:04 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe
Malwarebytes Anti-Malware (reboot) = "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Task Scheduler jobs:

WGASetup.job

--------------------------------------------------

Enumerating Download Program Files:

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan82.ocx
CODEBASE = http://download.bitdefender.com/resourc ... oscan8.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftup ... 2962625656

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Documents and Settings\Cliff Leduc\Desktop\ricoh tools\BasicSupportTool_RICOH20080908\RsInfo.exe||C:\Documents and Settings\Cliff Leduc\Desktop\ricoh tools\BasicSupportTool_RICOH20080908\RsiUtil.dll||C:\Documents and Settings\Cliff Leduc\Desktop\ricoh tools\MailSupportTool_RICOH20080908\RsInfo.exe||C:\Documents and Settings\Cliff Leduc\Desktop\ricoh tools\MailSupportTool_RICOH20080908\RsiUtil.dll||C:\DOCUME~1\CLIFFL~1\LOCALS~1\TEMPOR~1\Content.IE5\index.dat||C:\DOCUME~1\CLIFFL~1\Cookies\index.dat||C:\DOCUME~1\CLIFFL~1\LOCALS~1\History\History.IE5\index.dat||C:\DOCUME~1\CLIFFL~1\LOCALS~1\History\History.IE5\MSHIST~4\index.dat


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 5,296 bytes
Report generated in 0.125 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
charlieb64
Active Member
 
Posts: 5
Joined: September 14th, 2009, 6:41 pm

Re: Removed Hoax.renos and backdoor trojans - anything left ?

Unread postby muppy03 » September 22nd, 2009, 5:59 am

It was given to me when we upgraded - I thought I would try to fix it before I brought it home.


Do you know what E:\ drive is? Is it some kind of flash drive? There is infection still showing on it, and if used on clean computers could infect them.

There are signs of some serious previous infection on this computer. Including a backdoor Trojan. My best advice is since it is an ex-work computer, is that you get the disks from the IT dept and do a complete reformat and reinstall before you begin to load your personal programs and data on it.

Start your surfing clean and free of past issues :flower:
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4788
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Removed Hoax.renos and backdoor trojans - anything left ?

Unread postby Gary R » September 25th, 2009, 11:45 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Gary R
Administrator
Administrator
 
Posts: 22363
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware